This invention relates to automated banking machines. Specifically this invention relates to an automated banking machine system and method that is capable of configuring an automated banking machine with encryption keys.
Automated banking machines are well known. A common type of automated banking machine used by consumers is an automated teller machine (“ATM”). ATMs enable customers to carry out banking transactions. Common banking transactions that may be carried out with ATMs include the dispensing of cash, the making of deposits, the transfer of funds between accounts, the payment of bills and account balance inquiries. The types of banking transactions a customer can carry out are determined by capabilities of the particular banking machine and the programming of the institution operating the machine. Other types of automated banking machines may allow customers to charge against accounts or to transfer funds. Other types of automated banking machines may print or dispense items of value such as coupons, tickets, wagering slips, vouchers, checks, food stamps, money orders, scrip or traveler's checks. For purposes of this disclosure an ATM, an automated banking machine, or an automated transaction machine shall encompass any device which carries out transactions including transfers of value.
Many ATMs are configured to require consumers to enter a Personal Identification Number (PIN) with a keypad of the ATM prior to being granted permission to perform transaction functions with the ATM. The PIN is communicated to a host system by the ATM for purposes of authenticating the identity of the consumer. To prevent the PIN from being stolen by an unauthorized party, ATMs are operative to encrypt the PIN prior to sending the PIN to a host system. For many years Single-DES encryption has been used by ATMs to encrypt PINs using an 8 byte Communication (COM) secret key. Unfortunately, as the cost of computer processing power decreases over time, the risk of the encryption being cracked by unauthorized individuals or entities is increasing. Consequently, there exists a need for new and existing ATMs to include support for a more secure encryption protocol.
PIN information may be encrypted using a COM key known to both the ATM and the host system. The COM key may be securely sent to the ATM from the host system by encrypting the COM key with a terminal master key known to both the ATM and the host system. To maintain the secrecy of a terminal master key, when an ATM is being initially configured for operation, the initial terminal master key is often required to be manually installed by a two-person team at the ATM. Each person of the team has knowledge of only a portion of the information necessary to generate the initial terminal master key. To install the terminal master key successfully, each person must input into the ATM his or her known portion of the terminal master key. Once installed, the inputted portions undergo a mathematical procedure that results in a sixteen (16) character key unknown to either person.
In general, financial institutions or other entities which operate ATMs are responsible for inserting a unique initial terminal master key in their ATMs. Such entities are also responsible for periodically updating the COM key used for PIN encryption. Although the use of two-person teams to install the initial terminal master key increases the security of the system, in general such a protocol increases the maintenance costs per ATM and is generally cumbersome to manage. As a result, existing keys on ATMs are often not updated on a regular basis, which increases their vulnerability to being cracked. Consequently, there exists a need for a new system and method of installing the initial terminal master key which is less costly and less cumbersome to perform. There is a further need for a new system and method of installing a terminal master key on an ATM which is equally or more secure than a two-person team system.
It is an object of an exemplary form of the present invention to provide an automated banking machine at which a user may conduct transactions.
It is a further object of an exemplary form of the present invention to provide an automated banking machine which is more secure.
It is a further object of an exemplary form of the present invention to provide an automated banking machine which supports more secure encryption protocols.
It is a further object of an exemplary form of the present invention to provide a system and method for securely installing a terminal master key on an automated banking machine.
It is a further object of an exemplary form of the present invention to provide a system and method for securely and remotely installing a terminal master key on an automated banking machine.
It is a further object of an exemplary form of the present invention to provide a system and method for securely and remotely installing a terminal master key on an automated banking machine with the use of only a single operator at the ATM.
Further objects of exemplary forms of the present invention will be made apparent in the following Best Modes for Carrying Out Invention and the appended claims.
The foregoing objects are accomplished in an exemplary embodiment by an automated banking machine that includes output devices such as a display screen, and input devices such as a touch screen and/or a keyboard. The ATM further includes devices such as a cash dispenser mechanism for sheets of currency, a printer mechanism, a card reader/writer, a depository mechanism and other transaction function devices that are used by the machine in carrying out banking transactions. In the exemplary embodiment the ATM includes at least one computer. The computer is in operative connection with the output devices and the input devices, as well as with the cash dispenser mechanism, card reader and other physical transaction function devices in the banking machine. The computer is further operative to communicate with a host system located remotely from the ATM.
In the exemplary embodiment, the computer includes software programs that are executable therein. The software programs of the ATM are operative to cause the computer to output user interface screens through a display device of the ATM. The user interface screens include consumer screens which provide a consumer with information for performing consumer operations such as banking functions with the ATM. The user interface screens further include service screens which provide a person servicing the ATM with information for performing service and maintenance operations with the ATM. In addition the ATM includes software programs operative in the computer for controlling and communicating with hardware devices of the ATM including the transaction function devices.
In an exemplary embodiment, the ATM includes encryption software and/or hardware which is operative to encrypt PIN information with DES keys securely received from the host system. In one exemplary embodiment, the ATM includes a keypad or encrypting pin pad (EPP) input device which is operative to encrypt a consumer entered PIN within a secure module directly at the keypad. The EPPs of exemplary embodiments are further operative to perform either Single-DES or Triple-DES encryption operations for message authentication, local PIN verification and key transport.
In the exemplary embodiment, the EPP and/or other hardware/software in the computer may be operative to establish a secure communication session between the ATM and a host system environment for transferring terminal master keys to the ATM from the host system. In the exemplary embodiment, individual authentication may be required from both the ATM and the host system to establish the secure communication session. Authentication may be achieved in one exemplary embodiment using digital certificates and digital signatures. Both the ATM and the host system each have individual certificates which may be exchanged between the ATM and host system in a point-to-point communication. The exchanged certificates enable the ATM and the host system to authenticate each other and establish a secure session through a Public Key Infrastructure (PKI). The secure session enables DES keys to be remotely installed and updated on an ATM by a host system. In the exemplary embodiment, the host system may be operative to coordinate the remote key management of DES keys for a plurality of ATMs connected to the host system.
To facilitate authentication and key management, both the ATM and host system may each include a pair of certificates. A first one of the certificates may be used for enciphering and deciphering information sent between the host system and the ATM. A second one of the certificates may be used for generating digital signatures and verifying digital signatures on information passed between the host system and ATM. In the exemplary embodiment, the ATM or a device of the ATM such as an encrypting keypad or encrypting pin pad (EPP) may be manufactured to include an initial set of the certificates which are issued by an initial certificate authority (CA). The exemplary ATM or an EPP device of the ATM may also be manufactured to include the public keys of the initial CA. In addition a host system connected to the ATM may include certificates issued by the initial CA and the public keys of the initial CA.
In the exemplary embodiment, an operator at the ATM may be enabled to cause the ATM to initiate the exchange of certificates between the ATM and the host system. To prevent a possible man-in-the-middle attack on the ATM and host, exemplary embodiments may include the ATM outputting through a display device of the ATM, a one-way hash of the public key of the host system found on each certificate of the host system. The operator may then independently verify that each displayed one-way hash corresponds to a hash of the expected public key found in an authentic certificate of the host system.
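The operator check described above can be sketched as follows. This is an added example, not code from the disclosure: the choice of SHA-256 as the one-way hash, the role names, the function names and the sample key bytes are all assumptions made for illustration.

```python
import hashlib
import hmac

ROLES = ("encipherment", "signature")  # the host's two certificates

def fingerprint(public_key: bytes) -> str:
    """One-way hash of a public key, grouped in fours for a service screen."""
    digest = hashlib.sha256(public_key).hexdigest().upper()  # SHA-256 is assumed
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))

def normalize(text: str) -> bytes:
    """Drop spacing, separators and case so only the hex digits are compared."""
    return "".join(ch for ch in text if ch.isalnum()).lower().encode()

def verify_host_keys(received: dict, expected: dict) -> dict:
    """Return role -> True only if the received key hashes to the expected value.

    received: role -> public key bytes taken from the host's certificates
    expected: role -> fingerprint the operator obtained independently
    A role that is missing on either side fails closed.
    """
    results = {}
    for role in ROLES:
        key = received.get(role)
        want = normalize(expected.get(role, ""))
        got = normalize(fingerprint(key)) if key is not None else b""
        results[role] = bool(want) and hmac.compare_digest(got, want)
    return results

def accept_host(received: dict, expected: dict) -> bool:
    """Continue the certificate exchange only if every host key matches."""
    return all(verify_host_keys(received, expected).values())

# Constructed sample data: stand-ins for the host's encoded public keys.
HOST_KEYS = {
    "encipherment": b"constructed host encipherment public key",
    "signature": b"constructed host signature public key",
}
# What the operator holds on paper, written with different separators and case.
EXPECTED = {
    role: fingerprint(key).replace(" ", ":").lower()
    for role, key in HOST_KEYS.items()
}
# A substituted encipherment key, as a man-in-the-middle would present.
SUBSTITUTED = dict(HOST_KEYS, encipherment=b"constructed substituted key")

if __name__ == "__main__":
    for role, key in HOST_KEYS.items():
        print(f"{role:13} {fingerprint(key)}")
    print("genuine host accepted:", accept_host(HOST_KEYS, EXPECTED))
    print("substituted key accepted:", accept_host(SUBSTITUTED, EXPECTED))
```

The check depends on the expected values reaching the operator by a path independent of the link being verified; a hash delivered over the same connection as the certificates would not detect a substituted key.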
In an exemplary embodiment, a financial institution may be operative to replace the initial CA with a new CA and may be operative to remotely cause the ATM and the host system to receive new sets of certificates issued by the new CA.